Can't run the regedit, task mngr etc..

Discussion in 'adware, spyware & hijack cleaning' started by Jlavis, Jun 29, 2004.

Thread Status:
Not open for further replies.
  1. Jlavis

    Jlavis Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    3
    I've followed the previous instructions on other posts and have pasted the log from the Hijackthis program (BTW, I used the Spybot S&D)
    My PC is pretty messed up; I usually work with Macs and have no problems like this.
    If someone can help me, I'd much appreciate it.
    Fred, from Argentina...


    Logfile of HijackThis v1.97.7
    Scan saved at 5:54:56 PM, on 6/29/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\WINDOWS\System32\MSCONFIG35.EXE
    C:\WINDOWS\sysupd.exe
    C:\WINDOWS\System32\wuamgrd.exe
    C:\WINDOWS\System32\wmmiexe.exe
    C:\WINDOWS\System32\lserv.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\WINDOWS\System32\wmmiexe.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Fede\My Documents\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hotmail.com/
    F1 - win.ini: run=C:\WINDOWS\services\services\win9x.exe
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [ZGNUBIPWD] C:\WINDOWS\ZGNUBIPWD.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [WinLogon] winlogonb.exe
    O4 - HKLM\..\Run: [TBIP] C:\WINDOWS\TBIP.exe
    O4 - HKLM\..\Run: [MSConfig] MSCONFIG35.EXE
    O4 - HKLM\..\Run: [SERVICES32] c:\windows\services\services\win9x.exe
    O4 - HKLM\..\Run: [VnCplUpdate] "C:\Program Files\Common Files\MSDM\msdm.exe"
    O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\sysupd.exe
    O4 - HKLM\..\Run: [Microsoft Update] wuamgrd.exe
    O4 - HKLM\..\Run: [Windows Management Informant] wmmiexe.exe
    O4 - HKLM\..\Run: [Microsoft Office] lserv.exe
    O4 - HKLM\..\RunServices: [WinLogon] winlogonb.exe
    O4 - HKLM\..\RunServices: [Microsoft Update] wuamgrd.exe
    O4 - HKLM\..\RunServices: [Windows Management Informant] wmmiexe.exe
    O4 - HKLM\..\RunServices: [Microsoft Office] lserv.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Windows Management Informant] wmmiexe.exe
    O4 - HKCU\..\Run: [Microsoft Update] wuamgrd.exe
    O4 - HKCU\..\Run: [Microsoft Office] lserv.exe
    O4 - HKCU\..\RunOnce: [MSConfig] MSCONFIG35.EXE
    O4 - Global Startup: Adobe Gamma Loader.lnk.disabled
    O4 - Global Startup: WinZip Quick Pick.lnk.disabled
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Crear un favorito móvil (HKLM)
    O9 - Extra 'Tools' menuitem: Crear un favorito móvil... (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {2F0D1DA3-F3E4-4C67-BB5C-5AFD70C1A4A5} (UDConnect Class) - http://01.sharedsource.org/html/UDConn_5.2.0.9.cab
    O16 - DPF: {8463A31A-7FB5-4D38-B269-57F4FEFDBB09} (SDData.clsData) - https://mylearning.accenture.com/codebase/SDData.cab
    O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://www.wildtangent.com/install/wdriver/ddc/shockwave/blackhawkstriker/wtinst.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D3B8B8A0-4FA3-44EB-86C7-5BEA866CEA57} (SDAICC.clsAICC) - https://mylearning.accenture.com/codebase/SDAICC.cab
    O16 - DPF: {EE2589EB-7FC8-44DB-A892-573F2C4B41E0} - http://pdf.forbes.com/forbesnews/triggernews/ForbesDownloaderSigned.cab
    O16 - DPF: {FE507B78-691A-4DAA-BE3D-793C86592506} (SDWAPI.clsWAPI) - https://mylearning.accenture.com/codebase/SDWAPI.cab
     
  2. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,360
    Location:
    The Netherlands
    Well, I guess that's what happens if you're not running an antivirus...

    First, run an online virus scan at Panda Active Scan

    When done, restart your computer, then post a fresh log.
     
  3. Jlavis

    Jlavis Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    3
    What about now?
    Is there anything to be changed to improve my system?
    Also, which firewall would you recommend for me to use which uses relatively low memory (< 3000k)?
    Thanks,

    Logfile of HijackThis v1.97.7
    Scan saved at 4:22:47 AM, on 6/30/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\WINDOWS\sysupd.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\WINDOWS\System32\msiexec.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Documents and Settings\Fede\My Documents\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hotmail.com/
    F1 - win.ini: run=C:\WINDOWS\services\services\win9x.exe
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SDHelper.dll
    O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [WinLogon] winlogonb.exe
    O4 - HKLM\..\Run: [TBIP] C:\WINDOWS\TBIP.exe
    O4 - HKLM\..\Run: [VnCplUpdate] "C:\Program Files\Common Files\MSDM\msdm.exe"
    O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\sysupd.exe
    O4 - HKLM\..\Run: [Microsoft Update] wuamgrd.exe
    O4 - HKLM\..\Run: [Windows Management Informant] wmmiexe.exe
    O4 - HKLM\..\Run: [Microsoft Office] lserv.exe
    O4 - HKLM\..\RunServices: [WinLogon] winlogonb.exe
    O4 - HKLM\..\RunServices: [Microsoft Update] wuamgrd.exe
    O4 - HKLM\..\RunServices: [Windows Management Informant] wmmiexe.exe
    O4 - HKLM\..\RunServices: [Microsoft Office] lserv.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Windows Management Informant] wmmiexe.exe
    O4 - HKCU\..\Run: [Microsoft Update] wuamgrd.exe
    O4 - HKCU\..\Run: [Microsoft Office] lserv.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk.disabled
    O4 - Global Startup: WinZip Quick Pick.lnk.disabled
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Crear un favorito móvil (HKLM)
    O9 - Extra 'Tools' menuitem: Crear un favorito móvil... (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {2F0D1DA3-F3E4-4C67-BB5C-5AFD70C1A4A5} (UDConnect Class) - http://01.sharedsource.org/html/UDConn_5.2.0.9.cab
    O16 - DPF: {8463A31A-7FB5-4D38-B269-57F4FEFDBB09} (SDData.clsData) - https://mylearning.accenture.com/codebase/SDData.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://www.wildtangent.com/install/wdriver/ddc/shockwave/blackhawkstriker/wtinst.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D3B8B8A0-4FA3-44EB-86C7-5BEA866CEA57} (SDAICC.clsAICC) - https://mylearning.accenture.com/codebase/SDAICC.cab
    O16 - DPF: {EE2589EB-7FC8-44DB-A892-573F2C4B41E0} - http://pdf.forbes.com/forbesnews/triggernews/ForbesDownloaderSigned.cab
    O16 - DPF: {FE507B78-691A-4DAA-BE3D-793C86592506} (SDWAPI.clsWAPI) - https://mylearning.accenture.com/codebase/SDWAPI.cab
     
  4. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,360
    Location:
    The Netherlands
    You still have a fair number of issues left.

    Check, and have Hijack This fix ALL of the following items:

    F1 - win.ini: run=C:\WINDOWS\services\services\win9x.exe

    O4 - HKLM\..\Run: [WinLogon] winlogonb.exe
    O4 - HKLM\..\Run: [TBIP] C:\WINDOWS\TBIP.exe
    O4 - HKLM\..\Run: [VnCplUpdate] "C:\Program Files\Common Files\MSDM\msdm.exe"
    O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\sysupd.exe
    O4 - HKLM\..\Run: [Microsoft Update] wuamgrd.exe
    O4 - HKLM\..\Run: [Windows Management Informant] wmmiexe.exe
    O4 - HKLM\..\Run: [Microsoft Office] lserv.exe
    O4 - HKLM\..\RunServices: [WinLogon] winlogonb.exe
    O4 - HKLM\..\RunServices: [Microsoft Update] wuamgrd.exe
    O4 - HKLM\..\RunServices: [Windows Management Informant] wmmiexe.exe
    O4 - HKLM\..\RunServices: [Microsoft Office] lserv.exe
    O4 - HKCU\..\Run: [Windows Management Informant] wmmiexe.exe
    O4 - HKCU\..\Run: [Microsoft Update] wuamgrd.exe
    O4 - HKCU\..\Run: [Microsoft Office] lserv.exe

    O16 - DPF: {2F0D1DA3-F3E4-4C67-BB5C-5AFD70C1A4A5} (UDConnect Class) - http://01.sharedsource.org/html/UDConn_5.2.0.9.cab
    O16 - DPF: {EE2589EB-7FC8-44DB-A892-573F2C4B41E0} - http://pdf.forbes.com/forbesnews/tr...oaderSigned.cab


    Now start your computer in Safe Mode, and delete the C:\WINDOWS\sysupd.exe file.

    You want to install a decent antivirus, as well as a good firewall.

    Have a look here for some pointers:

    http://www.wilders.org/anti_viruses.htm
    http://www.wilders.org/firewalls.htm

    I can recommend Look n Stop as a firewall; it has a very small 'footprint'. There's a review of the application at the "Firewalls" web page I linked to.
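
Added example, not part of TonyKlein's reply and not HijackThis code: a triage pass over the O4 (autorun) lines of the second log above. It flags commands given as a bare filename with no directory that are registered under two or more autorun keys, a heuristic chosen for this illustration; it surfaces four of the executables listed for fixing and is a prompt for review, not a verdict.

```python
import re
from collections import defaultdict

# O4 registry lines copied from the second HijackThis log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinLogon] winlogonb.exe
O4 - HKLM\..\Run: [TBIP] C:\WINDOWS\TBIP.exe
O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\sysupd.exe
O4 - HKLM\..\Run: [Microsoft Update] wuamgrd.exe
O4 - HKLM\..\Run: [Windows Management Informant] wmmiexe.exe
O4 - HKLM\..\Run: [Microsoft Office] lserv.exe
O4 - HKLM\..\RunServices: [WinLogon] winlogonb.exe
O4 - HKLM\..\RunServices: [Microsoft Update] wuamgrd.exe
O4 - HKLM\..\RunServices: [Windows Management Informant] wmmiexe.exe
O4 - HKLM\..\RunServices: [Microsoft Office] lserv.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Windows Management Informant] wmmiexe.exe
O4 - HKCU\..\Run: [Microsoft Update] wuamgrd.exe
O4 - HKCU\..\Run: [Microsoft Office] lserv.exe
O4 - Global Startup: WinZip Quick Pick.lnk.disabled
"""

# Matches registry-based O4 lines only; "Global Startup" entries are skipped.
O4_RE = re.compile(r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")

def parse_o4(log_text):
    """Yield (autorun_key, value_name, command) for each registry O4 line."""
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            yield f"{m['hive']}\\{m['key']}", m["name"], m["cmd"].strip()

def executable_of(cmd):
    """Return the executable part of a command line, quoted or unquoted."""
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(?i)(.+?\.exe)\b", cmd)
    return m.group(1) if m else cmd.split()[0]

def triage(log_text):
    """Map bare-filename executables to their autorun keys (two or more only)."""
    keys = defaultdict(set)
    for key, _name, cmd in parse_o4(log_text):
        exe = executable_of(cmd)
        if "\\" not in exe and "/" not in exe:  # no directory component
            keys[exe.lower()].add(key)
    return {exe: sorted(k) for exe, k in keys.items() if len(k) >= 2}
```

Full-path entries such as C:\WINDOWS\sysupd.exe and C:\WINDOWS\TBIP.exe are not caught by this heuristic and still need the manual review shown in the reply above.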
     
  5. Jlavis

    Jlavis Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    3
    I've done that and everything seems to be working fine now. THANKS!

    By the way, I have a Linksys router; does that work as a firewall?
     